[ubuntu/focal-security] golang-yaml.v2 2.2.2-1ubuntu0.1 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Mon Aug 14 07:48:14 UTC 2023

golang-yaml.v2 (2.2.2-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: DOS through excessive alias.
    - debian/patches/CVE-2021-4235.patch: Add logic to catch cases of
      alias abuse in decode.go.
    - CVE-2021-4235
  * SECURITY_UPDATE: DOS through nested or expansion in large documents.
    - debian/patches/CVE-2022-3064.patch: Improve heuristics preventing
      CPU/memory abuse in decode.go and scannerc.go.
    - CVE-2022-3064

Date: 2023-08-11 09:45:09.168815+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list